UBUNTU-CVE-2015-7974

Source
https://ubuntu.com/security/CVE-2015-7974
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-7974.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2015-7974
Related
Published
2016-01-26T00:00:00Z
Modified
2016-01-26T00:00:00Z
Severity
  • 7.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N CVSS Calculator
  • 6.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."

References

Affected packages

Ubuntu:14.04:LTS / ntp

Package

Name
ntp
Purl
pkg:deb/ubuntu/ntp?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:4.2.6.p5+dfsg-3ubuntu2.14.04.10

Affected versions

1:4.*

1:4.2.6.p5+dfsg-3ubuntu2
1:4.2.6.p5+dfsg-3ubuntu2.14.04.1
1:4.2.6.p5+dfsg-3ubuntu2.14.04.2
1:4.2.6.p5+dfsg-3ubuntu2.14.04.3
1:4.2.6.p5+dfsg-3ubuntu2.14.04.5
1:4.2.6.p5+dfsg-3ubuntu2.14.04.6
1:4.2.6.p5+dfsg-3ubuntu2.14.04.7
1:4.2.6.p5+dfsg-3ubuntu2.14.04.8

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "1:4.2.6.p5+dfsg-3ubuntu2.14.04.10",
            "binary_name": "ntp"
        },
        {
            "binary_version": "1:4.2.6.p5+dfsg-3ubuntu2.14.04.10",
            "binary_name": "ntp-dbgsym"
        },
        {
            "binary_version": "1:4.2.6.p5+dfsg-3ubuntu2.14.04.10",
            "binary_name": "ntp-doc"
        },
        {
            "binary_version": "1:4.2.6.p5+dfsg-3ubuntu2.14.04.10",
            "binary_name": "ntpdate"
        },
        {
            "binary_version": "1:4.2.6.p5+dfsg-3ubuntu2.14.04.10",
            "binary_name": "ntpdate-dbgsym"
        }
    ]
}

Ubuntu:16.04:LTS / ntp

Package

Name
ntp
Purl
pkg:deb/ubuntu/ntp?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:4.2.8p4+dfsg-3ubuntu5.3

Affected versions

1:4.*

1:4.2.6.p5+dfsg-3ubuntu8
1:4.2.6.p5+dfsg-3ubuntu8.1
1:4.2.6.p5+dfsg-3ubuntu9
1:4.2.8p4+dfsg-3ubuntu1
1:4.2.8p4+dfsg-3ubuntu2
1:4.2.8p4+dfsg-3ubuntu3
1:4.2.8p4+dfsg-3ubuntu4
1:4.2.8p4+dfsg-3ubuntu5
1:4.2.8p4+dfsg-3ubuntu5.1
1:4.2.8p4+dfsg-3ubuntu5.2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "1:4.2.8p4+dfsg-3ubuntu5.3",
            "binary_name": "ntp"
        },
        {
            "binary_version": "1:4.2.8p4+dfsg-3ubuntu5.3",
            "binary_name": "ntp-dbgsym"
        },
        {
            "binary_version": "1:4.2.8p4+dfsg-3ubuntu5.3",
            "binary_name": "ntp-doc"
        },
        {
            "binary_version": "1:4.2.8p4+dfsg-3ubuntu5.3",
            "binary_name": "ntpdate"
        },
        {
            "binary_version": "1:4.2.8p4+dfsg-3ubuntu5.3",
            "binary_name": "ntpdate-dbgsym"
        }
    ]
}